"Give me a place to stand, and I will move the world." — Archimedes
Fulcrum is the first Omni-Chain Security & Governance Layer. Built on Casper's robust permissioning system, Fulcrum provides enterprise-grade security infrastructure and unified governance for assets across the entire crypto ecosystem.
This is not another DeFi tool. This is critical infrastructure.
Most bridges move tokens. Fulcrum moves control—securely, verifiably, and at scale.
Fulcrum Controller is LIVE on Casper Testnet!
| Detail | Value |
|---|---|
| Contract Hash | hash-803bc77641db94ca0247662d76dbe96e4cc1feca82a269e3dd6d01035be99aa9 |
| Deploy Hash | 54728021ff9dc1222dbaeed4cb10665de86906e2cebe4103e494e8821b00ad86 |
| Network | Casper Testnet (casper-test) |
| Deployed | January 12, 2026 |
| Entry Point | submit_intent(target_chain: u64, target_address: String, data: String) |
| Explorer | View on Casper Explorer |
| Frontend | Run locally: cd fulcrum-web && npm run dev |
# Clone the repository
git clone https://github.com/chandan989/Fulcrum.git
cd Fulcrum
# Install frontend dependencies
cd fulcrum-web
npm install
# Start the development server
npm run dev
# Open http://localhost:8080
# Connect your Casper Wallet and create an intent!- Smart Contract: Rust (casper-contract 5.0.0, casper-types 6.0.0)
- Frontend: React + TypeScript + Vite
- Blockchain SDK: Casper JS SDK v5.0.7
- Wallet Integration: Casper Wallet + Legacy Signer
📚 Full Documentation: See DEPLOYMENT.md, TESTING.md, and INTEGRATION.md
The multi-chain future is inevitable. But today's solutions treat cross-chain as an application feature, not fundamental infrastructure.
Fulcrum is infrastructure. Like DNS for the internet or SWIFT for banking, Fulcrum provides the foundational security and governance layer that the multi-chain ecosystem desperately needs.
-
🔒 Security-First Architecture
- Single point of control = Single point of security
- Hardware-grade security models applicable across all chains
- Social recovery that works universally
-
🏛️ Governance Infrastructure
- Enterprise-grade multi-signature across chains
- Unified audit trails for regulatory compliance
- Policy enforcement at the protocol level
-
⚡ Zero-Knowledge Cryptography
- First implementation of ZK-verified Casper signatures on EVM
- Sets new standard for cross-chain signature verification
- Demonstrates deep understanding of blockchain economics
❌ Another yield aggregator
❌ A token bridge
❌ A DeFi protocol
✅ Security infrastructure for multi-chain asset management
✅ Governance infrastructure for cross-chain organizations
✅ Critical infrastructure that everything else builds on top of
- The Problem
- The Solution
- Architecture
- Core Value Propositions
- The Complexity Flex: ZK-Verified Signatures
- Use Cases
- Technical Deep Dive
- Security Model
- Governance Framework
- Getting Started
- API & SDK
- Testing
- Deployment
- Roadmap
- FAQ
- Contributing
- Community
- Glossary
- License
The multi-chain ecosystem has a security crisis and a governance vacuum.
Every chain is a separate security domain:
- Users maintain an average of 4.2 different wallets across chains (Source: DappRadar 2025)
- $3.8 billion lost to private key theft in 2024 alone
- Social engineering attacks up 340% year-over-year
- No unified recovery mechanism across chains
This is not sustainable at scale.
Enterprises and DAOs cannot operate effectively across chains:
- A DAO treasury on 5 chains requires 5 separate multi-sig setups
- No consistent policy enforcement across chains
- Fragmented audit trails make compliance nearly impossible
- CFOs cannot implement spending limits that work universally
Enterprise adoption is blocked by governance infrastructure gaps.
3. The Hidden Economic Cost
The real cost isn't just lost funds—it's opportunity cost:
- Enterprises stay on single chains, limiting reach
- DAOs fragment treasuries, reducing capital efficiency
- Users avoid multi-chain strategies due to complexity
- Innovation is constrained to single-chain silos
Current solutions treat security and governance as application concerns, not infrastructure.
Every project rebuilds the same security primitives. Every DAO redeploys the same multi-sig contracts. Every user manages the same private key nightmare.
We need a security and governance layer that works universally—like TCP/IP for blockchain.
Fulcrum provides infrastructure-grade security and governance for the multi-chain ecosystem.
Treat security and governance as a separate layer from execution:
- Security Layer (Casper): Your identity, access control, and recovery mechanisms
- Execution Layer (Any Chain): Where transactions actually happen
- Fulcrum: The bridge that makes security decisions binding across all chains
- Single Source of Truth: All security rules live on Casper
- Cryptographically Enforced: Smart Accounts on target chains verify Casper signatures
- Economically Viable: Zero-Knowledge proofs make verification affordable at scale
| Dimension | Traditional Bridges | OmniYield (DeFi Tool) | Fulcrum (Infrastructure) |
|---|---|---|---|
| Primary Function | Move tokens | Optimize yields | Secure & govern assets |
| Target User | Retail traders | DeFi power users | Enterprises, DAOs, serious investors |
| Security Model | Trust validators | Application-specific | Infrastructure-grade |
| Governance | None | None | First-class feature |
| Composability | Limited | Medium | Everything builds on it |
| Economic Moat | Low (many bridges) | Medium (DeFi competition) | High (infrastructure network effects) |
| Compliance Ready | No | No | Yes |
Network effects favor infrastructure.
When Fulcrum becomes the standard way to secure multi-chain assets:
- Every new chain integration increases value for all users
- Security improvements benefit the entire ecosystem
- Governance patterns become standardized
- Compliance frameworks can rely on a single audit trail
You can't build robust applications on shaky infrastructure. Fulcrum provides the foundation.
Fulcrum's architecture separates decision-making (Casper) from execution (target chains).
- The Controller (Casper): Security policies and governance rules
- The Relay Network: Decentralized, economically incentivized message passing
- The Avatar (Target Chains): Cryptographically enforced execution
graph TB
subgraph Security["🔒 SECURITY LAYER (Casper)"]
Controller[🎛️ Controller Contract]
Identity[👤 Identity & Access Control]
Governance[🏛️ Governance Rules]
Recovery[🔑 Social Recovery]
Vault[⛽ Gas Vault]
end
subgraph Infrastructure["⚙️ INFRASTRUCTURE LAYER"]
RelayerNet[Decentralized Relayer Network]
ZKProver[🧮 ZK Proof Generator]
Oracle[📊 Gas Price Oracle]
end
subgraph Execution["⚡ EXECUTION LAYER"]
subgraph Ethereum["Ethereum"]
Avatar1[🤖 Avatar + ZK Verifier]
DeFi1[DeFi Protocols]
end
subgraph Base["Base"]
Avatar2[🤖 Avatar + ZK Verifier]
DeFi2[NFT Marketplaces]
end
subgraph BSC["BSC"]
Avatar3[🤖 Avatar + ZK Verifier]
DeFi3[DEXes]
end
end
Identity --> Controller
Governance --> Controller
Recovery --> Controller
Controller -->|Emit Signed Intent| RelayerNet
RelayerNet -->|Generate ZK Proof| ZKProver
ZKProver -->|Submit Proof| Avatar1
ZKProver -->|Submit Proof| Avatar2
ZKProver -->|Submit Proof| Avatar3
Avatar1 -->|Verify & Execute| DeFi1
Avatar2 -->|Verify & Execute| DeFi2
Avatar3 -->|Verify & Execute| DeFi3
Vault -.->|Reimburse| RelayerNet
Oracle -.->|Price Feed| Vault
style Security fill:#1a1a2e
style Infrastructure fill:#16213e
style Execution fill:#0f3460
sequenceDiagram
participant User as 👤 User
participant Casper as 🔒 Casper Controller
participant ZK as 🧮 ZK Proof Generator
participant Relayer as ⚙️ Relayer
participant Avatar as 🤖 Ethereum Avatar
participant DeFi as 🦄 Uniswap
Note over User, Casper: SECURITY LAYER
User->>Casper: 1. Sign Intent + Governance Check
Casper->>Casper: 2. Validate (Multi-Sig, Spending Limits, Time Locks)
Casper->>Casper: 3. Emit LogRemoteOp(intent, ed25519_signature)
Note over ZK, Relayer: INFRASTRUCTURE LAYER
Relayer->>Casper: 4. Listen to Event Stream
Relayer->>ZK: 5. Generate ZK-SNARK Proof
Note right of ZK: Proves "I know valid<br/>Ed25519 signature"<br/>without revealing it
Note over Avatar, DeFi: EXECUTION LAYER
Relayer->>Avatar: 6. Submit(intent, zkProof, publicInputs)
Avatar->>Avatar: 7. Verify ZK Proof (50k gas)
Note right of Avatar: Instead of 150k gas<br/>for Ed25519 verification
Avatar->>Avatar: 8. Check Nonce, Expiry, Chain ID
Avatar->>DeFi: 9. Execute Intent (Swap ETH → USDC)
DeFi-->>Avatar: 10. Return USDC
Avatar-->>Relayer: 11. Emit Success Event
Relayer-->>Casper: 12. Claim Gas Reimbursement from Vault
Single Point of Control = Single Point of Security
Instead of securing N private keys across N chains, secure one key on Casper. All other chains inherit that security model.
Features:
- Hardware wallet integration (Ledger, Trezor support on Casper)
- Social recovery across ALL chains simultaneously
- Spending limits enforced universally
- Time-locks for large transactions
- 2FA/3FA support at the protocol level
Impact:
- 98% reduction in private key surface area
- Universal recovery: Lose Ethereum key? Recover via Casper guardians
- Insurance-ready: Single audit trail for security compliance
Build Once, Govern Everywhere
Define your governance structure on Casper; it works on every supported chain.
Features:
- Weighted multi-signature (e.g., "CEO has 60% voting power")
- Role-based access control (CFO approves >$100k, any exec approves <$100k)
- Proposal & voting systems that span chains
- Execution queues with time-delays
- Veto mechanisms for emergency stops
Use Cases:
- DAO Treasury Management: One governance structure for Ethereum + Arbitrum + Base holdings
- Enterprise Finance: CFO dashboard with approval workflows that work across all chains
- Family Offices: Trustees manage assets on multiple chains with unified policies
Impact:
- 80% reduction in governance setup complexity
- 100% consistency across chains
- Regulatory compliance via unified audit logs
Making Cross-Chain Security Affordable
The problem: Verifying Ed25519 signatures on Ethereum costs 150,000 gas ($5-15 depending on gas prices).
The solution: Generate a ZK-SNARK proof off-chain, verify it on-chain for 50,000 gas ($2-5).
Why This Matters:
- Makes frequent cross-chain operations economically viable
- Demonstrates deep technical sophistication
- Creates a defensible moat (hard to replicate)
This is the technical differentiator that wins hackathons and attracts serious builders.
Casper uses Ed25519 for signatures. Ethereum uses secp256k1. The EVM has no native Ed25519 support.
Naive solution: Implement Ed25519 verification in Solidity.
- Cost: ~150,000 gas per signature
- At $50 ETH: ~$7.50 per transaction
- Result: Economically unviable for most use cases
Instead of verifying the signature on-chain, we prove we have a valid signature using ZK-SNARKs.
-
Off-Chain: Relayer generates a ZK-SNARK proving:
"I know an Ed25519 signature S such that: - S is valid for public key P - S signs message M - M contains the intent hash" -
On-Chain: Avatar contract verifies the ZK proof:
function verifyIntent( Intent memory intent, Groth16Proof memory proof, uint256[2] memory pubSignals ) public returns (bool) { // Verify ZK proof (50k gas instead of 150k) require(zkVerifier.verifyProof(proof, pubSignals), "Invalid proof"); // Check intent hash matches proof's public input require(keccak256(abi.encode(intent)) == bytes32(pubSignals[0]), "Intent mismatch"); // Execute with confidence return true; }
-
Result: 3x cheaper verification, enabling economic viability at scale.
template Ed25519Verifier() {
// Public inputs
signal input messageHash;
signal input publicKeyX;
signal input publicKeyY;
// Private inputs (the signature itself)
signal private input signatureR[256];
signal private input signatureS[256];
// Verify Ed25519 equation: R + H(R,A,M)*A = S*G
component ed25519 = Ed25519CoreVerify();
ed25519.messageHash <== messageHash;
ed25519.pubKeyX <== publicKeyX;
ed25519.pubKeyY <== publicKeyY;
ed25519.sigR <== signatureR;
ed25519.sigS <== signatureS;
// Output: verification succeeded
ed25519.valid === 1;
}import { groth16 } from 'snarkjs';
async function generateProof(intent: Intent, signature: Ed25519Signature) {
const input = {
messageHash: hashIntent(intent),
publicKeyX: signature.publicKey.x,
publicKeyY: signature.publicKey.y,
signatureR: signature.R,
signatureS: signature.S
};
const { proof, publicSignals } = await groth16.fullProve(
input,
'circuits/ed25519_verifier.wasm',
'circuits/ed25519_verifier.zkey'
);
return { proof, publicSignals };
}contract AvatarWithZK {
IGroth16Verifier public immutable zkVerifier;
function executeIntent(
Intent calldata intent,
Groth16Proof calldata proof,
uint256[2] calldata publicSignals
) external returns (bool) {
// 1. Verify the ZK proof (~50k gas)
require(
zkVerifier.verifyProof(
[proof.a.x, proof.a.y],
[[proof.b.x[0], proof.b.x[1]], [proof.b.y[0], proof.b.y[1]]],
[proof.c.x, proof.c.y],
publicSignals
),
"Invalid ZK proof"
);
// 2. Verify public signals match intent
bytes32 intentHash = keccak256(abi.encode(intent));
require(bytes32(publicSignals[0]) == intentHash, "Intent hash mismatch");
// 3. Verify public key matches controller
bytes32 expectedPubKey = bytes32(publicSignals[1]);
require(controllerPublicKey == expectedPubKey, "Public key mismatch");
// 4. Check nonce and expiry (replay protection)
require(intent.nonce == nonces[intent.avatar]++, "Invalid nonce");
require(block.timestamp < intent.expiry, "Intent expired");
// 5. Execute the intent
(bool success, ) = intent.target.call{value: intent.value}(intent.data);
require(success, "Execution failed");
emit IntentExecuted(intentHash, intent.target);
return true;
}
}| Method | Gas Cost | USD Cost* | Feasibility |
|---|---|---|---|
| Naive Solidity Ed25519 | ~150,000 | $7.50 | ❌ Too expensive for most use cases |
| Fulcrum ZK-SNARK | ~50,000 | $2.50 | ✅ Economically viable |
| Future: EIP-7212 (native Ed25519) | ~3,000 | $0.15 | ✅ Best case (if EIP passes) |
*Assuming 50 gwei gas price, $3000 ETH
- Economic Viability: Makes cross-chain operations affordable at scale
- Technical Sophistication: Demonstrates mastery of modern cryptography
- Competitive Moat: Very few teams have ZK expertise + cross-chain vision
- Future-Proof: If EIP-7212 passes, we can switch to native verification seamlessly
This is the "Complexity Flex" that sets Fulcrum apart.
Scenario: A DAO with a $50M treasury split across Ethereum ($30M), Arbitrum ($15M), and Base ($5M).
The Problem:
- 3 separate multi-sig wallets (different signers, different thresholds)
- No unified spending limit
- CFO can't generate a single financial report
- Compliance nightmare for auditors
With Fulcrum:
// One governance structure on Casper
const governance = {
signers: [
{ address: "CEO", weight: 40 },
{ address: "CFO", weight: 30 },
{ address: "CTO", weight: 20 },
{ address: "Board1", weight: 5 },
{ address: "Board2", weight: 5 }
],
threshold: 60, // Requires CEO + CFO, or everyone else
policies: {
dailyLimit: "1000000 USD",
perTxLimit: "500000 USD",
whitelist: ["0xUniswap", "0xAAVE", "0xCompound"]
}
};
// Works across ALL chains
fulcrum.setGovernance(governance);
// Execute cross-chain rebalancing with one governance approval
fulcrum.executeBatch([
{ chain: "ethereum", action: "withdraw", protocol: "aave", amount: "1M USDC" },
{ chain: "arbitrum", action: "deposit", protocol: "compound", amount: "1M USDC" }
]);Impact:
- ✅ Single governance structure
- ✅ Unified audit trail
- ✅ Policy enforcement across all chains
- ✅ 90% reduction in setup complexity
Scenario: High net worth family with $20M across 5 chains, managed by trustees.
Requirements:
- Only designated trustees can move funds
- Junior beneficiaries can request <$10k without full approval
- All transactions require 48-hour time lock
- Emergency recovery if trustee loses access
With Fulcrum:
// Define access control on Casper
pub struct FamilyOfficePolicy {
trustees: Vec<(AccountHash, u8)>, // 3 trustees, equal weight
beneficiaries: Vec<AccountHash>, // 5 family members
rules: SecurityPolicy {
trustees_threshold: 2, // 2 of 3 trustees
beneficiary_limit: 10000, // $10k per day for beneficiaries
timelock: 172800, // 48 hours for trustee txs
emergency_guardians: 5, // Uncle, aunt, lawyer, accountant, friend
recovery_threshold: 3, // Any 3 can recover
}
}Scenarios:
- Regular spending: Beneficiary withdraws $5k → instant approval
- Large purchase: Trustee proposes $100k → 48hr timelock → 2 of 3 approve → executes
- Emergency: Trustee dies → 3 of 5 guardians rotate keys → family retains access to ALL chains
Impact:
- ✅ Sophisticated access control
- ✅ Protection against impulsive decisions (timelock)
- ✅ Universal recovery mechanism
- ✅ Works across Ethereum, Base, Arbitrum, BSC, Polygon simultaneously
Scenario: DeFi protocol with $100M POL across 8 chains, needs to rebalance based on market conditions.
Requirements:
- Fast rebalancing without bridging tokens
- Risk limits per chain
- Emergency withdrawal capability
- Transparent governance decisions
With Fulcrum:
// Define protocol treasury policy
const treasuryPolicy = {
governance: {
core_team: 3, // 3 core team members
threshold: 2, // 2-of-3 for execution
},
risk_limits: {
max_per_chain: "20M USD", // No more than 20% on one chain
max_single_protocol: "10M USD", // No more than $10M in one DeFi protocol
emergency_threshold: "50M USD", // If total value drops below this, auto-withdraw
},
automation: {
rebalance_threshold: 0.15, // Rebalance if any chain >15% above target
check_interval: 3600, // Check every hour
}
};
// Automated cross-chain rebalancing
fulcrum.automate({
condition: "liquidity_imbalance > 15%",
action: fulcrum.rebalance({
chains: ["ethereum", "base", "arbitrum", "optimism"],
target: "equal_distribution",
slippage: 0.005
})
});Impact:
- ✅ Instant rebalancing (no bridging delays)
- ✅ Automated risk management
- ✅ Transparent governance
- ✅ Emergency controls
Scenario: Public company managing crypto exposure across multiple chains, needs SOC2/ISO27001 compliance.
Requirements:
- Every transaction must be approved and logged
- Separation of duties (proposer ≠ approver)
- Regular audits with immutable records
- Geographic compliance (some chains restricted in some regions)
With Fulcrum:
// Corporate governance structure
const corporateGovernance = {
roles: {
"PROPOSER": ["treasury_associate_1", "treasury_associate_2"],
"APPROVER": ["cfo", "controller"],
"AUDITOR": ["internal_audit", "external_audit"], // Read-only
"ADMIN": ["ciso", "cto"] // Can modify policies
},
workflow: {
proposal_requires: ["PROPOSER"],
execution_requires: ["APPROVER"],
separation_of_duties: true, // Proposer cannot approve their own
audit_log: "immutable",
compliance: {
allowed_chains: ["ethereum", "base"], // Only regulated chains
blocked_contracts: ["0xTornado", "0xMixer"],
required_disclosures: true
}
}
};
// All transactions create immutable audit trail
fulcrum.proposeTransaction({
chain: "ethereum",
action: "transfer",
to: "0xVendor",
amount: "50000 USDC",
reason: "Q4 software license payment",
invoice: "INV-2026-1234"
});
// Auditor can query at any time
const auditReport = fulcrum.getAuditLog({
startDate: "2026-01-01",
endDate: "2026-12-31",
chains: "all",
format: "SOC2_compliant"
});Impact:
- ✅ SOC2/ISO27001 compliant by design
- ✅ Immutable audit trail across all chains
- ✅ Separation of duties enforced cryptographically
- ✅ Single pane of glass for auditors
graph LR
subgraph Casper
User[User Signs Intent]
Ed25519[Ed25519 Signature]
end
subgraph Relayer
Monitor[Event Monitor]
Circuit[ZK Circuit]
Prover[Proof Generator]
end
subgraph Ethereum
Verifier[Groth16 Verifier]
Avatar[Avatar Contract]
DeFi[DeFi Protocol]
end
User --> Ed25519
Ed25519 -->|Emit Event| Monitor
Monitor --> Circuit
Circuit --> Prover
Prover -->|ZK Proof + Public Inputs| Verifier
Verifier --> Avatar
Avatar --> DeFi
style Circuit fill:#4a148c
style Prover fill:#6a1b9a
style Verifier fill:#7b1fa2
The Ed25519 verification circuit has approximately ~1.2 million constraints.
Constraint Breakdown:
- Edwards curve point addition: ~450k constraints
- Scalar multiplication: ~600k constraints
- Hash verification (SHA-512): ~150k constraints
Proving Time: ~2-3 seconds on modern hardware (8-core CPU)
Proof Size: 128 bytes (Groth16)
Verification Gas: ~50,000 gas
Incentive Model:
- User deposits CSPR to Gas Vault
- Relayer listens for intents
- Relayer:
- Generates ZK proof (~2 sec)
- Pays gas on target chain
- Submits proof of execution to Casper
- Gas Vault reimburses:
(actual_gas_cost * cspr_eth_rate) + 5% fee
Example:
- Ethereum gas cost: 150,000 gas * 50 gwei = 0.0075 ETH ($22.50)
- Relayer fee: 5% = $1.13
- Total deducted from vault: $23.63 worth of CSPR
Relayer Staking (Planned):
- Minimum stake: 100,000 CSPR
- Slashing for: fraud, excessive failures, censorship
- Reputation system affects fee share
Global nonce per Avatar:
mapping(address => uint256) public nonces;Intent structure includes:
struct Intent {
uint256 nonce; // Must match current nonce
uint256 expiry; // Unix timestamp (max 24hr from signing)
uint256 chainId; // Prevents cross-chain replay
address avatar; // Which avatar is executing
address target; // Target contract
uint256 value; // Native token value
bytes data; // Calldata
}Protection against:
- ✅ Replay attacks (nonce increment)
- ✅ Cross-chain replay (chain ID binding)
- ✅ Expired intents (timestamp check)
- ✅ Wrong avatar (avatar address binding)
Problem: What if all relayers censor a user?
Solution: Emergency Direct Submission
Users can bypass relayers entirely:
// For advanced users, direct submission
const proof = await localZKProver.generate(intent, signature);
// Submit directly to Avatar on Ethereum
await avatar.executeIntent(intent, proof, publicSignals, {
gasLimit: 500000
});This requires:
- User has ETH for gas (defeats gas abstraction)
- User can generate ZK proofs locally (technical barrier)
But ensures: No relayer can permanently censor users.
| Threat | Impact | Likelihood | Mitigation |
|---|---|---|---|
| Casper Consensus Failure | Critical | Very Low | Trust Casper's PoS security |
| Smart Contract Bug (Avatar) | Critical | Medium | Audits, formal verification, bug bounties |
| Relayer Fraud/Censorship | Medium | Low | ZK verification, multiple relayers, direct submission |
| ZK Circuit Bug | Critical | Low | Circuit audits, trusted setup ceremony |
| Private Key Theft (Casper) | High | Medium | Social recovery, hardware wallets, MFA |
| Replay Attack | Medium | Very Low | Nonce system, chain ID, expiry |
| MEV Extraction | Low | Medium | Private mempools (future) |
Layer 1: Casper Security
- Hardware wallet support (Ledger, Trezor)
- Multi-signature at Casper level
- Time-locked upgrades
Layer 2: Protocol Security
- Immutable core contracts
- Upgrade mechanisms with 7-day timelock
- Multi-sig admin keys (transitioning to DAO governance)
**Layer 3: Execution SecurityZK-verified signatures (cryptographically sound)
- Nonce system (replay protection)
- Expiry timestamps (stale intent protection)
Layer 4: Economic Security
- Relayer staking and slashing
- Bug bounty program ($500k total)
- Insurance fund (planned)
Caution
Fulcrum is in ALPHA. Smart contracts are NOT audited. Use only with testnet funds.
Planned Audits:
| Firm | Scope | Timeline | Status |
|---|---|---|---|
| Trail of Bits | Smart contracts + ZK circuits | Q2 2026 | Scheduled |
| OpenZeppelin | Smart contracts | Q2 2026 | Scheduled |
| Least Authority | ZK circuits | Q3 2026 | In discussion |
| Certora | Formal verification | Q3 2026 | In discussion |
Bug Bounty:
- Launch: Q2 2026 (post-audit)
- Platform: Immunefi
- Max payout: $100,000 CSPR (Critical)
Most projects add governance as an afterthought. Fulcrum makes it a first-class feature.
The Vision: Every DAO, enterprise, or protocol should be able to deploy sophisticated governance that works across ALL chains with one setup.
pub struct MultiSigConfig {
signers: Vec<(AccountHash, u8)>, // Address + weight
threshold: u8, // Required total weight
}
// Example: Corporate structure
let corp_multisig = MultiSigConfig {
signers: vec![
(ceo_address, 50),
(cfo_address, 30),
(cto_address, 20),
],
threshold: 60, // CEO + CFO, or all three execs
};pub enum Role {
Admin, // Can modify governance
Proposer, // Can create intents
Approver, // Can approve intents
Executor, // Can execute approved intents
Auditor, // Read-only access
}
pub struct AccessPolicy {
roles: HashMap<AccountHash, Vec<Role>>,
role_permissions: HashMap<Role, Permissions>,
}pub struct SpendingPolicy {
daily_limit: U256,
per_tx_limit: U256,
monthly_budget: HashMap<Category, U256>,
}
// Example
let treasury_policy = SpendingPolicy {
daily_limit: U256::from(1_000_000), // $1M per day
per_tx_limit: U256::from(500_000), // $500k per transaction
monthly_budget: hashmap! {
Category::Marketing => U256::from(2_000_000),
Category::Development => U256::from(5_000_000),
Category::Operations => U256::from(1_000_000),
}
};pub struct TimeLockPolicy {
small_tx_threshold: U256, // Below this: instant
medium_tx_delay: u64, // Medium txs: 24hr delay
large_tx_threshold: U256, // Above this: 72hr delay
large_tx_delay: u64,
}Proposal → Approval → Execution Pipeline:
stateDiagram-v2
[*] --> Proposed: Intent Created
Proposed --> UnderReview: Governance Check
UnderReview --> TimeLocked: Threshold Met
UnderReview --> Rejected: Threshold Not Met
TimeLocked --> Executable: Time Lock Expired
Executable --> Executing: Relayer Submits
Executing --> Completed: Success
Executing --> Failed: Execution Error
Completed --> [*]
Failed --> [*]
Rejected --> [*]
// Setup a DAO with 1000 members, token-weighted voting
const daoGovernance = await fulcrum.createGovernance({
type: "token_weighted",
token: "0xDAOToken",
members: 1000,
// Voting parameters
proposalThreshold: "10000", // Need 10k tokens to propose
quorum: "40%", // 40% participation required
votingPeriod: 7 * 24 * 3600, // 7 days
// Execution parameters
timelockDelay: 48 * 3600, // 48hr timelock after vote passes
// Security parameters
guardians: ["0xFounder1", "0xFounder2", "0xFounder3"],
guardianVeto: true, // Guardians can veto malicious proposals
// Cross-chain execution
chains: ["ethereum", "base", "arbitrum", "optimism"],
});
// Propose cross-chain treasury rebalancing
await daoGovernance.propose({
title: "Q1 2026 Treasury Rebalancing",
description: "Move 30% of treasury to higher yield opportunities on Base",
actions: [
{
chain: "ethereum",
target: "0xAAVE",
action: "withdraw",
amount: "5000000 USDC"
},
{
chain: "base",
target: "0xCompound",
action: "deposit",
amount: "5000000 USDC"
}
]
});
// Vote, timelock, execute — all handled by FulcrumWe're building a Next.js dashboard for enterprises:
Features:
- Visual governance designer (drag-and-drop)
- Real-time voting status
- Cross-chain treasury overview
- Audit log export (CSV, JSON, PDF)
- Compliance reports (SOC2, ISO27001)
Target users: CFOs, treasurers, DAO operators
| Tool | Version | Purpose |
|---|---|---|
| Rust | 1.70+ | Casper contracts |
| Foundry | Latest | Ethereum contracts |
| Node.js | 18+ | Relayer & tooling |
| Circom | 2.0+ | ZK circuits |
| Docker | 20+ | Testing environment |
git clone https://github.com/your-username/fulcrum.git
cd fulcrum# Install Casper contracts
cd contracts/casper && cargo build --release
# Install Ethereum contracts
cd ../ethereum && forge install && forge build
# Install Relayer
cd ../../relay && npm install
# Install ZK circuits
cd ../zk-circuits && npm installcd zk-circuits
# Compile circuit
circom circuits/ed25519_verifier.circom \
--r1cs --wasm --sym \
-o build/
# Generate trusted setup (Powers of Tau)
npx snarkjs powersoftau new bn128 12 pot12_0000.ptau
npx snarkjs powersoftau contribute pot12_0000.ptau pot12_0001.ptau --name="First contribution"
# Generate proving and verification keys
npx snarkjs groth16 setup build/ed25519_verifier.r1cs pot12_0001.ptau ed25519_0000.zkey
npx snarkjs zkey contribute ed25519_0000.zkey ed25519_0001.zkey --name="Contribution 1"
npx snarkjs zkey export verificationkey ed25519_0001.zkey verification_key.json
# Generate Solidity verifier
npx snarkjs zkey export solidityverifier ed25519_0001.zkey ../contracts/ethereum/src/Groth16Verifier.sol# Deploy to Casper Testnet
cd contracts/casper
make deploy-testnet
# Deploy to Ethereum Sepolia
cd ../ethereum
forge script script/Deploy.s.sol \
--rpc-url $SEPOLIA_RPC_URL \
--private-key $DEPLOYER_KEY \
--broadcastcd relay
cp .env.example .env
# Edit .env with your configuration
npm startnpm install @fulcrum/sdkBasic Usage:
import { FulcrumSDK } from '@fulcrum/sdk';
const fulcrum = new FulcrumSDK({
casperNodeUrl: 'https://testnet.casper.network/rpc',
privateKeyPath: './keys/secret_key.pem',
controllerHash: 'hash-xxxxx'
});
await fulcrum.init();
// Execute remote transaction
const intent = await fulcrum.executeIntent({
chainId: 1,
target: '0xUniswapRouter',
data: swapCalldata,
gasLimit: 200000
});
console.log('Intent hash:', intent.hash);
console.log('Status:', await fulcrum.getStatus(intent.hash));# Unit tests (Casper)
cd contracts/casper && cargo test
# Unit tests (Ethereum)
cd contracts/ethereum && forge test --gas-report
# ZK circuit tests
cd zk-circuits && npm test
# Relayer tests
cd relay && npm test
# Integration tests (requires Docker)
docker-compose up -d
npm run test:integrationCurrent coverage (target: 90%+):
- Casper contracts: 85%
- Ethereum contracts: 92%
- ZK circuits: 78%
- Relayer: 81%
Goal: Prove the security and governance model works.
- Casper Controller with governance primitives
- EVM Avatar with ZK verification
- Relayer network (centralized bootstrap)
- ZK circuit for Ed25519 verification
- Testnet deployment (Casper + Sepolia)
Deliverable: Working demo of ZK-verified cross-chain transaction
Goal: Make it production-ready.
- Smart contract audits (Trail of Bits, OpenZeppelin)
- ZK circuit audit (Least Authority)
- Formal verification (Certora)
- Bug bounty launch ($500k pool)
- Social recovery implementation
- Multi-chain gas abstraction (Base, Arbitrum, Optimism)
Deliverable: Audited, production-ready contracts
Goal: Make governance accessible to enterprises.
- Governance dashboard (Next.js)
- Visual policy designer
- Compliance report generator
- Role-based access control UI
- Treasury analytics
- Mainnet beta (invite-only, $10M TVL cap)
Deliverable: Full governance platform UIPhase 4: Decentralization (Q4 2026)
Goal: Transition to fully decentralized protocol.
- Decentralized relayer network (50+ independent relayers)
- Relayer staking and slashing
- Governance token launch
- DAO transition
- Public mainnet (no TVL cap)
- Mobile SDK
Success Metrics:
- 10,000+ Avatars deployed
- $100M+ TVL
- 99.9% uptime
- <1% transaction failure rate
Bridges move tokens. Fulcrum moves control.
LayerZero, Wormhole, and similar protocols focus on cross-chain token transfers. Fulcrum provides security and governance infrastructure—you control Smart Accounts on multiple chains from a single point on Casper.
Different goals, different layers of the stack.
Economics. Verifying Ed25519 signatures on Ethereum natively costs ~150k gas ($5-15). With ZK proofs, we get it down to ~50k gas ($2-5).
This 3x cost reduction makes frequent cross-chain operations economically viable, which is critical for real-world adoption.
Relayers could theoretically censor specific users, but:
- Multiple independent relayers compete for fees
- Users can run their own relayers
- Emergency mode allows direct submission (bypassing relayers)
Decentralization is the end goal. Phase 4 fully decentralizes the relayer network.
Your funds remain safe in Avatar contracts on target chains. You wouldn't be able to submit new intents from Casper, but existing assets are unaffected.
Emergency recovery allows direct interaction with Avatars if needed.
Not yet. Audits scheduled for Q2 2026. Do not use with significant funds until audits complete.
[See full FAQ in enhanced_readme.md]
We welcome contributions! See CONTRIBUTING.md for guidelines.
Key areas needing help:
- ZK circuit optimization
- Additional chain integrations
- Governance dashboard UI
- Documentation improvements
- Discord: Join - Primary community hub
- Twitter: @FulcrumProtocol
- GitHub: Discussions
- Email: dev@fulcrum.io
Caution
Fulcrum is experimental infrastructure in ALPHA.
- Smart contracts are NOT audited
- Use only with testnet funds
- No warranty or guarantees
Do not use with real funds until:
- Audits complete (Q2 2026)
- Mainnet launches (Q3 2026)
- Sufficient battle-testing
MIT License - see LICENSE
